Microsoft Azure Security Engineer Associate AZ-500 Practice Question
An Azure virtual network contains a Windows Server 2022 VM named VM1 that has no public IP. Administrators connect to VM1 through an Azure Bastion host in the same virtual network. You need to enable just-in-time (JIT) access so that VM1 remains reachable only via Bastion. Which JIT rule configuration should you apply?
Open TCP port 3389 for the VirtualNetwork service tag.
Open TCP port 22 for any source address.
Open TCP port 443 for the AzureBastionSubnet address range.
Azure Bastion connects to the target VM over its private network using the standard management port (TCP 3389 for Windows). The traffic originates from an address inside the same virtual network, which is represented in NSG and JIT rules by the VirtualNetwork service tag. Therefore, the JIT rule should open TCP port 3389 only for the VirtualNetwork tag. Allowing the Internet tag would expose the port publicly, opening port 443 would not let Bastion reach the VM, and opening port 22 targets SSH rather than RDP.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VirtualNetwork service tag in Azure?
Open an interactive chat with Bash
How does Azure Bastion securely connect to VMs without a public IP?
Open an interactive chat with Bash
Why is TCP port 3389 used for JIT access to a Windows VM via Azure Bastion?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .